🔐

PKI and Encryption Overview

Sep 11, 2025

View transcript

Overview

This lecture explains Public Key Infrastructure (PKI), symmetric and asymmetric encryption, and how digital certificates and key management work in organizations.

Public Key Infrastructure (PKI)

  • PKI refers to policies, procedures, hardware, and software for managing digital certificates.
  • PKI handles creating, distributing, storing, revoking, and managing digital certificates.
  • PKI is often associated with certificate authorities (CAs) that help establish trust between users and devices.

Symmetric Encryption

  • Symmetric encryption uses one key for both encryption and decryption of data.
  • This key must be kept secret and shared between all parties needing decryption access.
  • Managing keys becomes difficult as the number of users increases.
  • Symmetric encryption is fast and efficient, making it widely used despite scalability challenges.
  • It's also called a secret key algorithm or shared secret encryption.

Asymmetric Encryption

  • Asymmetric encryption uses two mathematically related keys: a public key and a private key.
  • The public key is shared openly; the private key is kept secret by its owner.
  • Data encrypted with the public key can only be decrypted with the private key.
  • The mathematical relationship between keys prevents deriving the private key from the public key.
  • Key pairs are created simultaneously, often involving randomization and large prime numbers.

Public/Private Key Usage Example

  • Users generate a public/private key pair; the public key is shared, the private key is kept secure.
  • To send encrypted messages, someone uses the recipient’s public key to encrypt, and only the private key can decrypt it.
  • Private keys are often password-protected for added security.

Key Management in Organizations

  • Individuals manage their own keys in small settings, but larger organizations require more robust key management solutions.
  • Key escrow allows a third party to securely store private keys in case access is needed later.
  • Escrow enables data recovery if a user leaves or is unavailable.
  • Sometimes, organizations must hand over private keys to maintain business continuity.

Key Terms & Definitions

  • Public Key Infrastructure (PKI) — System for managing digital certificates and encryption keys.
  • Symmetric Encryption — Encryption method using the same key for both encrypting and decrypting data.
  • Asymmetric Encryption — Uses a pair of mathematically related keys (public and private) for encryption and decryption.
  • Certificate Authority (CA) — Trusted organization that issues and manages digital certificates.
  • Key Escrow — Process where a third party holds encryption keys for backup or recovery purposes.

Action Items / Next Steps

  • Review how symmetric and asymmetric encryption are used together in real-world systems.
  • Understand the roles of PKI and CAs for trusting digital identities.

Full transcript